×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

MARS and vulnerability scanners

Unanswered Question
Jun 28th, 2006
User Badges:

Our new MARS typically shows a large number of false positives. Is it worthwhile to invest into a vulnerability scanner, such as Foundstone, so MARS has a better idea on which systems are actually vulnerable?" I always thought MARS performed scanning on the fly using Nessus. Is this typically good enough to rely on?


Thanks

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

The appliance centrally aggregates logs and events from a wide range of popular network devices (such as routers and switches), security devices and applications (such as firewalls, intrusion detection systems [IDSs], vulnerability scanners, and antivirus applications), hosts (such as Windows, Solaris, and Linux syslogs), applications (such as databases, Web servers, and authentication servers), and network traffic (such as Cisco NetFlow).For more info refer the following URL

http://www.cisco.com/en/US/products/ps6241/products_data_sheet0900aecd80272e64.html.


manjsdeol Tue, 07/18/2006 - 08:18
User Badges:

Firing events are classified automatically by MARS as system-confirmed false positives or unconfirmed false positives this is due to data reduction feature of MARS,more info on false positive can be found in the below link http://www.cisco.com/en/US/partner/products/ps6241/products_user_guide_chapter09186a00806056e6.html#wp1030968, U r corret MARS do have in built integrated NESSUS scanner,I have tested the VA scanning ability of the MARS the results were pretty satisfying it shoots one incident saying "Vulnerable host found" as soon as it finds one,if you are integrating any VA scanner with MARS it just acts as a catalyst to the existing VA scan capabilities of the MARS.

Actions

This Discussion